Security Metrics That Matter: Improving Visibility and Effectiveness

Security metrics for improving management have long been an issue of discussion and debate across the industry. Some experts and practitioners contend that we need these key indicators if we’re ever going to drive down real-world risk, while others think that the concept can’t be applied practically. Some experts feel that we just haven’t found the right numbers to measure security effectiveness yet.

Count RedSeal Networks among the final group… although we think that we’ve made some important headway in helping organizations unearth those figures that will actually allow them to better trend and improve their rates of success.

Expanding on his sold-out keynote at Security BSidesSD, join RedSeal CTO Dr. Mike Lloyd for a webcast: Security Metrics that Matter
As part of his presentation Dr. Mike will outline:

Financial institutions spend billions of dollars on firewalls, proxies, routers and other devices to prevent unauthorized access to their network, but security breaches continue to plague the industry.

While faced with a barrage of attacks, CISOs are dealing with increasingly complex networks due to the cumulative demands of users as well as connectivity requirements, business operations and regulatory compliance mandates. As a result of this increased complexity, financial organizations' IT resources are struggling to meet today's required security standards.

Most large enterprises identify thousands of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities is only the first step—figuring out which vulnerabilities truly matter is the subsequent challenge.

• Is critical financial information at risk because a vulnerability is exposed to the Internet or extranet?
• Has a vulnerability already been effectively mitigated with network-level controls?
• Do vulnerabilities in minor systems allow a hacker to leapfrog to more critical systems?

Join McAfee and RedSeal for an informative webcast to learn why prioritizing remediation efforts according to risk is essential to effective vulnerability management and how the RedSeal Vulnerability Advisor software integrates and analyzes the vulnerability information collected by McAfee’s Vulnerability Manager to give organizations true insight into their vulnerability risk.

The “Jumpstart to RedSeal” demo provides you with a 20 minute overview of the company, what the product does, customer challenges, and how the RedSeal 5 Platform can address them. The highlight - a 15 minute demonstration of the RedSeal UI and reporting features - details how networks can improve their attack defenses, prioritize vulnerabilities based on exposure, evaluate for compliance, and enhance firewall change management processes.

A Wall Street & Technology Webcast: With cyber espionage currently responsible for $13 billion in losses to the U.S. economy, according to the FBI, finding ways to predict and prevent future cyber attacks is vital for businesses. On Wall Street, as the number of devices on enterprise networks continues to grow, cyber espionage perpetrators are capitalizing on the increased complexity of network access to compromise critical data assets. A proactive approach that includes predictive security using visualized network modeling can help you identify access pathways and the associated vulnerabilities and quickly pinpoint the specific systems and devices most susceptible to attack.

The “Jumpstart to RedSeal” demo provides you with a 20 minute overview of the company, what the product does, customer challenges, and how the RedSeal 5 Platform can address them. The highlight - a 15 minute demonstration of the RedSeal UI and reporting features - details how networks can improve their attack defenses, prioritize vulnerabilities based on exposure, evaluate for compliance, and enhance firewall change management processes.

The “Jumpstart to RedSeal” demo provides you with a 20 minute overview of the company, what the product does, customer challenges, and how the RedSeal 5 Platform can address them. The highlight - a 15 minute demonstration of the RedSeal UI and reporting features - details how networks can improve their attack defenses, prioritize vulnerabilities based on exposure, evaluate for compliance, and enhance firewall change management.

Join network security experts Eric Hanselman, Research Director at 451 Research, and Dr. Mike Lloyd, CTO at RedSeal, for this fact-filled webcast where they’ll share their list of the most egregious errors found in network security management, based on hands-on analysis and observation of some of the most complex network environments in the world.

This session will include details on how and why these painful mistakes manifest themselves, and tips on what you can do to prevent them, followed by open Q&A.

Security metrics for improving management have long been an issue of discussion and debate across the industry. Some experts and practitioners contend that we need these key indicators if we’re ever going to drive down real-world risk, while others think that the concept can’t be applied practically. Some experts feel that we just haven’t found the right numbers to measure security effectiveness yet.

Count RedSeal Networks among the final group… although we think that we’ve made some important headway in helping organizations unearth those figures that will actually allow them to better trend and improve their rates of success.

Expanding on his sold-out keynote at Security BSidesSD, join RedSeal CTO Dr. Mike Lloyd for a webcast: Security Metrics that Matter
As part of his presentation Dr. Mike will outline:

Every organization wants to know the answer but few have even attempted to quantify it: What's my ROI, or return, on IT security?

Until now.

Using its proprietary (yet public) methodology, research and best practices specialists IANS has begun helping CSOs and other security officials deduce and measure precisely what they're getting in exchange for all the money they spend. In late 2011, IANS conducted such a study on automotive market experts Polk, specifically related to the company's use of RedSeal solutions.

Please join us for this highly informative webcast during which IANS Faculty Member and industry analyst Diana Kelley outlines the ROS process and guidelines, and then hosts a discussion with Ethan Steiger, Chief Security Officer, Polk about his experiences and milestones using RedSeal. Joining the call will be RedSeal CTO Dr. Mike Lloyd, to provide color commentary and yes, that cool, smart-sounding foreign accent.

In addition to a general overview of the Polk use case, hear more about how the company leveraged RedSeal's proactive security intelligence solution to save time and money, lower real-world risk, automate and simplify regulatory compliance, and garner an ROI figure ofÂ¦ yes, $30 million!

How did IANS arrive at such a massive number? Let's face it, you can spend a lot of money responding to a breach. Though, while that's true, it's truly just a small piece of the larger story.

Security is inherently intangible, so answering questions such as "Is my network secure?” are considerably complex. The ultimate goal is the absence of a breach – how do you measure and show improvement to your internal and external audience?

The traditional approach has been to measure activity – all of the processes that can be recorded: How many times did you change the firewall? How many patches did you deploy? How many times did you update your antivirus signatures? While collecting this data may pacify the auditors, the problem is that you’re measuring busyness, not your business.

In this webinar featuring Securosis analyst and president Mike Rothman, we will explore:
•Today’s security metrics – what most organizations are collecting today vs actionable and useable metrics for decision support
•What and how to communicate network security metrics – internal vs external audiences
•Practical measurement of risk – technology to assess how well your work is preventing problems

Enterprise organizations and government agencies have spent countless years and millions of dollars attempting to segment infrastructure and protect critical assets, but most have no idea how well layered defenses actually work.

Security, networking and audit staff have no centralized means of visualizing the state of protection or current attack surface, end-to-end, or communicating that intelligence.

Management cannot determine the ROI of security spend; risk is prioritized using static ranking; circumvention of simple controls still enables most breaches.

Enter RedSeal Networks, the only provider of proactive security management solutions that offer a continuous method of assessing IT protection and risk exposure. Pinpoint the precise level of access permitted across security infrastructure, informed by the business value of underlying host assets and data. Prioritize risk, validate compliance and manage security using quantitative analysis.